堆栈内存溢出
  简体   繁体   English

如何在Spring Boot OAuth2中自定义JWT解码器

[英]How to customize the jwt decoder in spring boot oauth2

 原文  2019-04-03 09:41:31       spring/ spring-boot/ spring-security/ oauth-2.0

问题描述

I want to dynamically set the jwk-set-uri for different tenant on my resource server which I get the tenant info from a filter. 我想为资源服务器上的其他租户动态设置jwk-set-uri,该服务器从过滤器获取租户信息。 And I have the following resource server config. 而且我有以下资源服务器配置。 

@Slf4j
@Import(SecurityProblemSupport.class)
@RequiredArgsConstructor
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

  private final SecurityProblemSupport problemSupport;
  private final RealmProperties realmProperties;
  private final MultiTenantManager multiTenantManager;

  @Override
  public void configure(final HttpSecurity http) throws Exception {
    http
      .csrf().disable()
      .exceptionHandling().authenticationEntryPoint(problemSupport).accessDeniedHandler(problemSupport)
      .and()
        .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
      .and().requestMatcher(new OAuthRequestedMatcher()).authorizeRequests().anyRequest()
        .fullyAuthenticated();
  }

  @Bean
  public RequestContextListener requestContextListener() {
    return new RequestContextListener();
  }

  private static class OAuthRequestedMatcher implements RequestMatcher {

    public boolean matches(HttpServletRequest request) {
      String auth = request.getHeader("Authorization");
      log.debug("auth decode from request: ", auth);
      boolean haveOauth2Token = (auth != null) && auth.startsWith("Bearer");
      boolean haveAccessToken = request.getParameter("access_token") != null;
      return haveOauth2Token || haveAccessToken;
    }
  }

  @Override
  public void configure(final ResourceServerSecurityConfigurer config) {
    config.resourceId("login-app");
  }

  @Bean
  SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange().anyExchange().authenticated().and().oauth2ResourceServer().jwt()
        .jwtDecoder(myCustomDecoder());
    return http.build();
  }

  @Bean
  ReactiveJwtDecoder myCustomDecoder() {
    return realmProperties.getRealms().stream()
    .filter(realm -> realm.getRealm().equals(multiTenantManager.getCurrentTenant()))
    .map(realm -> new NimbusReactiveJwtDecoder(((Realm) realm).getJwkSetUri()))
    .findFirst()
    .orElseThrow(() -> new InternalServerErrorException("cannot find the jwk set url for the realm"));
  }
}

But I got an exception saying 但我有一个例外说 

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor<?>' available

Any help on this? 有什么帮助吗? what can I do to dynamic set a jwk set uri to parse the token? 如何动态设置jwk set uri来解析令牌?

Thanks -Peng 谢谢-彭

1 个解决方案

解决方案1
 1  2019-04-03 09:53:30

I solve customizations of token decoding in the following way: 我通过以下方式解决令牌解码的自定义: 

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Inject
    private String resourceId;

    // Inject
    private String secret;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(resourceId);
        resources.tokenStore(createTokenStore(new ResourceAccessTokenConverter()));
    }

    private TokenStore createTokenStore(AccessTokenConverter converter) {
        JwtAccessTokenConverter tokenConverter = new CustomJwtAccessTokenConverter();
        tokenConverter.setAccessTokenConverter(converter);
        tokenConverter.setVerifier(new MacSigner(secret));
        TokenStore ts = new JwtTokenStore(tokenConverter);

        return ts;
    }


    public class CustomJwtAccessTokenConverter extends JwtAccessTokenConverter {


        @Override
        protected Map<String, Object> decode(String token) {
            return super.decode(token);
        }

        @Override
        public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
            return super.convertAccessToken(token, authentication);
        }

        @Override
        public OAuth2AccessToken extractAccessToken(String value, Map<String, ?> map) {
            return super.extractAccessToken(value, map);
        }

        @Override
        public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
            return super.extractAuthentication(map);
        }

    }

}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Boot OAuth2 + JWT 和 UserDetailsS​​ervice - Spring Boot OAuth2 + JWT and UserDetailsService Spring Boot 2和OAuth2 / JWT配置 - Spring Boot 2 and OAuth2/JWT configuration JWT与Spring OAuth2 - JWT with Spring OAuth2 如何使用 Spring OAuth2 JWT 令牌? - How to use Spring OAuth2 JWT Token? 如何将 Woocommerce WordPress 插件连接到基于 Spring Security Oauth2 JWT 的 Spring Boot API? - How to connect Woocommerce WordPress plugin to a Spring Boot API based on Spring Security Oauth2 JWT? Spring Boot OAuth2手动创建新的JWT令牌 - Spring Boot OAuth2 manually create new JWT token 春季启动,使用MariaDB和JWT OAuth2进行身份验证的流程 - spring boot, authentification flow with MariaDB and JWT OAuth2 创建隐式JWT时,Spring Boot OAuth2是否启动? - Spring Boot OAuth2 when implicit JWT is created? 带有加密 JWT 访问令牌的 Spring Boot OAuth2 - Spring Boot OAuth2 with encrypted JWT access token 带有 Oauth2 的 Spring Boot - Spring Boot with Oauth2
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM